hawaii tech day – management and orchestration overview

APIC-EM and Prime Infrastructure Management and Orchestration Overview

Upload: cisco

Post on 14-Apr-2017


Category:

Technology



TRANSCRIPT

APIC-EM and Prime Infrastructure

Management and Orchestration Overview

Automation & Orchestration Solutions: Flexibility of Choice

From "Flexible, DIY" to "Simple":

NSO | ‘00s of customers | SP’s and GES | Programmable Configuration | Service Orchestration / Automation
Prime Infrastructure | 10s of ‘000s of customers | SP Wifi and All Enterprises | Template Based Configuration | Network Management
APIC-EM | 10s of ‘000s of customers | All Enterprises | Policy “Easy Button” | DNA Controller

Network DevOps

$$$

Traditional Ops

$

SDx Transformation

$

Automation

Abstraction and Policy Control

from Core to Edge

Open and Programmable | Standards-Based

Open APIs | Developers Environment

Service Management UI

Policy | Orchestration

Virtualization

Physical and Virtual Infrastructure | App Hosting

Analytics

Network Data,

Contextual Insights

Network-enabled Applications

Cloud-enabled | Software-delivered

Cisco Digital Network Architecture

Enterprise

Architecture/ NFV

Available on Cisco® DNA-Ready Infrastructure Through Cisco ONE™ Software

APIC-EM Automation Platform

Available now

Base automation: Plug and Play

Available now Cloud version controlled availability June

2017

Policy services: IWAN App and

EasyQoS

Available now

Prime

Infra Now

TBDFuture

June

2017

Cisco Prime Infrastructure 3.x: Integrated wired/wireless lifecycle, assurance and Data Center management

Comprehensive Manageability

– Customizable out-of-the-box Cisco best practices and validated design configuration templates for wired/wireless devices

– RF planning and optimization

– Manage L2/L3 services, DMVPN, GETVPN, Zone-based Firewall, ScanSafe

– Plug-and-Play Automated Deployment

– 360° End-user connectivity and application experience monitoring & troubleshooting

– Multi-NAM management

– Infrastructure lifecycle reports – EoX & PSIRT

– 3rd party device support

– Scalable, deployable, extensible

• Comprehensive Lifecycle mgmt – simplify end-to-end network operations

• Deep application visibility and performance Assurance

• Rich compliance auditing and reporting

• One install – Single-pane-of-glass soln

Integrated Platform

APIC-EM


APIC-EM Delivers IT Flexibility

Enabling Automation Through Innovative Management Principles

OPEN

Static Programmable

Expert CLI Policy + GUI

Greenfield Brownfield + Greenfield

SIMPLE

A B

Manual Automated

Box-Centric Network-wide

Provision in Months Hours

Common Policy Model from Branch to Campus

Application Network Flow Profile

SLA, Security, QoS, Load Balancing

User and Things Network Profile

QoS, Security, SLA, Device, Location, Role

Cloud Campus Core WAN Access

POLICY

Campus WAN AND ACCESS

CISCO® ADVANTAGE

BROWNFIELD AND

GREENFIELDEND TO END

POLICY FRAMEWORK: FOCUS ON

APPLICATION AND USER ENABLEMENT

Inventory/Grouping

EM

Discovery

• New Discovery UI for improved UX

• Easy identification of devices with failures for faster troubleshooting

• Editing of Existing Discovery Jobs

• Cloning of Discovery Jobs to quickly create new ones

• Discovery History to track changes


Device Inventory - Hardware Layout

Detailed device inventory information


Device Inventory - Hardware Layout

Real-time Device Configuration

Topology Visualization/ Path Trace

Analysis

Topology

• Geo-Tagging (Mapbox) for easier management of network topology

• Tagging based on Civic Address or Zip code

• RBAC scope based topology view

• Improved UX

• Faster Topology Rendering

• Easier identification of collaboration endpoints such as Phones

• Ability to disaggregate multiple devices all at once


Path Trace App: 5-Tuple Input Through User Interface

Note: Layer 4 port and protocol information is optional but highly recommended for accurate path calculation

Required Information

SRC and DEST IP address

[End host or L3 interface]

Optional Information

SRC and DEST L4 port numbers;

L4 protocol (TCP or UDP)


Path Trace App: Enhanced Application Flow Visibility

CAPWAP Tunnel

Visualization

Accuracy Note

(in a percentage)

Link Source

Information

Ingress/Egress

Interface

Interface/QOS Stats

IWAN

Cisco Confidential 28© 2010 Cisco and/or its affiliates. All rights reserved.

EasyQoS

EasyQoS GUI: Define Application Business-Relevance

PNP (Plug and Play)

How it Works: Cisco PnP Application

Plug & Play

Enterprise-wide scale

Automated workflow

1. Pre-provision, 2. Discovery, 3. Secure Deployment

1. Discovery, 2. Un-claimed Devices, 3. Secure Deployment

Network PnP app pre-provisioned

with device SR number

Configure device discovery

• DHCP Option-43 or DNS

• Installer powers on devices

• Devices download image and

configuration

• Installer powers on devices

• Devices securely connect

to APIC-EM server, waiting

to be ‘claimed’

• Network admin claims devices

based on device information

• Device downloads image

and configuration

Configure device discovery

• DHCP Option-43 or DNS

Network PnP app on APIC-EM

AdminEM

DHCPServer

DNSServer

OR

PnP-Agent PnP-Agent

EM

Device Authentication

Download Image and Configure

Installer

PnP Server Discovery Options

Switches (Catalyst®) Routers (ISR, ASR) Wireless Access Points

1. DHCP with options 60 and 43. PnP string: 5A1D;B2;K4;I172.19.45.222;J80 added to DHCP Server

2. DNS lookup. pnpserver.localdomain resolves to the APIC-EM IP address

3. Cloud re-direction. https://devicehelper.cisco.com/device-helper re-directs to the APIC-EM IP address

4. USB-based bootstrapping

5. Manual, using the Cisco® Installer App: iPhone, iPad, Android, and PC (roadmap - Windows mobile)
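The DHCP option 43 PnP string shown on this slide can be parsed and checked before it is placed in a DHCP scope. The Python below is an added example, not Cisco's code and not part of the original deck; the field meanings (N/D debug flag, B address type, K4/K5 for HTTP/HTTPS, I server, J port) are taken from Cisco's PnP documentation as an assumption rather than from the slide, and the function names and the HTTPS variant are constructed for illustration.

```python
import ipaddress

# Assumed field meanings (from Cisco's PnP option 43 documentation, not the slide):
# header "5A1N"/"5A1D" = PnP suboption, version 1, debug off/on.
ADDR_TYPES = {"1": "hostname", "2": "ipv4", "3": "ipv6"}   # B field
TRANSPORTS = {"4": "http", "5": "https"}                    # K field


def parse_pnp_option43(value):
    """Split a PnP option 43 ASCII string into named fields."""
    parts = [p for p in value.strip().strip('"').split(";") if p]
    if not parts or len(parts[0]) != 4 or not parts[0].startswith("5A"):
        raise ValueError("missing PnP header such as '5A1N'")
    header = parts[0]
    if header[3] not in "ND":
        raise ValueError("debug flag must be N or D")
    fields = {"version": header[2], "debug": header[3] == "D"}
    for part in parts[1:]:
        key, val = part[0], part[1:]
        if key == "B":
            fields["addr_type"] = ADDR_TYPES.get(val, "unknown")
        elif key == "K":
            fields["transport"] = TRANSPORTS.get(val, "unknown")
        elif key == "I":
            fields["server"] = val
        elif key == "J":
            fields["port"] = int(val)
        else:
            fields.setdefault("other", {})[key] = val  # keep unknown fields visible
    return fields


def audit_pnp_option43(value):
    """Return findings for settings that weaken zero-touch onboarding."""
    f = parse_pnp_option43(value)
    findings = []
    if "server" not in f:
        findings.append("no PnP server (I field) given")
    # Assumption: HTTP (K4) is the default when no K field is present.
    if f.get("transport", "http") != "https":
        findings.append("transport is HTTP (K4), not HTTPS (K5)")
    if f["debug"]:
        findings.append("debug flag D is set; use N in production scopes")
    if f.get("addr_type") in ("ipv4", "ipv6") and "server" in f:
        try:
            ip = ipaddress.ip_address(f["server"])
            if (ip.version == 4) != (f["addr_type"] == "ipv4"):
                findings.append("address type does not match the server value")
        except ValueError:
            findings.append("server is not a valid IP address for its B type")
    return findings


SLIDE_STRING = "5A1D;B2;K4;I172.19.45.222;J80"   # string from the slide
HARDENED = "5A1N;B2;K5;I172.19.45.222;J443"      # constructed variant

if __name__ == "__main__":
    for s in (SLIDE_STRING, HARDENED):
        print(s, "->", audit_pnp_option43(s) or "no findings")
```

Because option 43 steers every unprovisioned device to its controller, the same check is worth running against exported DHCP scope definitions to confirm that no scope points devices at an unexpected server address.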

APIC-EM Roadmap

Roadmap Disclaimer

Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

APIC-EM And Apps Roadmap

v1.3, Oct 2016 v1.4, Feb 2017 V2.0, Aug 2017 V2.1, Nov 2017

SFA 1.1

Sw Image

Mgmt

EasyQoS

beta

EasyQoS

GA 1.0

IWAN 1.1 IWAN 1.2

Platform

Apps

PnP 1.1PnP Cloud

CA

Path Path +Smart

Troubleshooting

Config Mgmt

ESA 1.0

Flexible PnP

Complete DNA

flexible GUI

ESA 1.1

(remove PI

dependency)

Prime Infrastructure

Cisco Prime Infrastructure - Overview: Realizing the Vision of One Management

Convergence Consolidation Cisco Advantage

Lifecycle

Converged

management with

integrated best practices

UCS Server

Assurance

Bridging Network and

Compute

Assurance

End-to-end application

experience and visibility

Ops Center

Distributed

• Supports up to 10 Prime Infrastructure instances

• Addresses geographic distribution, scalability, resiliency and

visibility

• Single pane of glass monitoring with click-through

management

Centralized

• Central view of assets, alarms and clients

• Single sign-on

• Dashlets aggregated from PI instances

• Central Virtual Domain Management – can add/delete domains from

OpCenter

Scalable

• Consolidated view of network health

• Consolidated view of health of each PI instance

• Reports scheduling from one interface

Operations Center: Centralized Visualization of Multiple PI Instances

Prime Infrastructure 3.1 License Model Overview

Base License

Prime Infrastructure Management Node

(physical or virtual appliance)

ONE-mgmt-Lic(per device type)

One and only one base

license required for

each management

node (physical or

virtual appliance)

• Available per device type (token based)

• License for each device is included in Cisco ONE bundles

• Example AP = 1 token

• 29/3900 Rtr = 2 tokens

• ASR1k = 3 tokens

• Cat6k = 3 tokens

• Nexus 7k = 14 tokens

No Node Lock-Also will

accept previous PI 2.x

license files.

License

Dependency

UCS Server

Management (per chassis/blade)

Available in incremental

bundle sizes of 1 (UCS

server does not

consume a LF license,

but LF is required)

HA License

PI Operations

Center (per PI Instance )

Licensed per managed

PI instance or PI HA

pair

Note: Grandfathering Algorithm runs upon the installation of MR3 or MR4

PI 2.x license users, please add devices to inventory before installing MR 3/4


Cisco Confidential 41C97-732036-00 © 2014 Cisco and/or its affiliates. All rights reserved.

Cisco Prime Infrastructure 3.1 Technical Overview

Modern User Interface

• Tablet friendly

• Metrics widgets

• Same Menu Structure as 2.2

• Correlated Charts

• Dashboard Export

• Dashboard Tagging for favorites

Inventory Information: View Details for the Network Devices

Device and

Image Details

Network Topology: Monitor the status/services of the Sites in your network

Visualize

• L2 Topology of the network

• Alarms for the Devices

• Device 360 View

• Links status between the devices

• Link 360 View


Filters

Zoom Settings

Interferers

Active Rogue

AP’s

Clients tracked via

MSE

Yellow – AP’s with

non-critical alarm

Site Maps Configuration: Heat Maps to visualize the RF environment

Neighbor AP

information and the

RSSI value


Compliance and Configuration Mgmt

Configuration Archive: Network Devices

Archive and Versioning of Configuration

Fetch & store all the configurations on network devices

Store multiple versions of configurations.

Job based for periodic archival

Detect changes done outside the PI server and archive the change

Compare Configuration

View configurations

Compare configurations between versions of same or different devices

Reporting configuration mismatches

Rollback Configuration Rollback

Update the configuration on a device in the network

Ability to specify which configurations to download.

Ability to specify options like reboot, write mem etc

Job based

Configuration diff from the previous version

Configuring Network Devices: Templates for Routers, Switches and WLCs using Best Practices

Types of Templates :

Model Based Templates for AVC, Security, WAAS etc

CLI OOTB Templates

User Defined CLI Templates

Composite Templates to group multiple individual templates together

User Defined Templates :

Has CLI converted to set of

parameters whose values are

provided during deploy time

Use Apache’s Velocity

Template Language (VTL)

Data Types that can be used for

Scripting

Effective Software Image Management (SWIM)

• Ability to add images to software repository

• Archive from current devices

• Manual upload

• Ability to handle parallelism and sequencing

• Use external SCP/SFTP/FTP servers

• Ability to push image using different transport protocols

Baseline Configuration Compliance

• Define configuration baseline policies

• Perform compliance audits

• View compliance audit violations

• Option to fix violations

• Support for IOS, IOS-XE, IOS-XR, NX-OS, AireOS, and ASA devices

Getting Started with Compliance (3.0): Compliance needs to be enabled

Go to Administration > Settings > System Settings > Server

Select Enable and click Save

You must restart the server for changes to take effect (NCS Stop/NCS start)

Note: Compliance requires Std/Pro OVA or Gen2 hardware appliance


• Works on most common Cisco platforms

IOS, IOS-XE, IOS-XR, NX-OS, StarOS, AireOS

• Flexible Rules engine including

Input Parameters, Complex Logic, Condition Checking

• Customizable Policy including

Violation Message, Severity & Fix CLI

• Ability to schedule recurring jobs

• Includes EoX / PSIRT reports

Industry Class Configuration Baseline Compliance*

Compliance

Policy

Rule

*requires Std/Pro OVA or Gen2 hardware

appliance


Reports

PSIRT/EOX Reports


Troubleshooting with 360 View

Device Monitoring Device 360 View – Device Troubleshooting (Wired and Wireless)

Quick Launch

point for

Smart

Interactions

Can quickly do a ping and

traceroute to this device

On click shows the following

OS version and status

License used/Capacity

Number of Active APs

Number of Active Clients

CPU and Mem utilization

Provides snapshot of wired/wireless interfaces, alarms, neighbors and WLAN

Launch the 360 view from

any dashboard


Device 360 View


Services (IWAN)

Hub with PfRv3 Master

Controller & Border

Routers

Spoke with Single Router

and Dual Routers


IWAN Configuration Workflow

PfRv3 Monitoring

• Quick view to identify nodes with issues

• Sliding timeline to zoom to a specific period

• Detailed view of the site health

• Show PfR events that were resolved and unresolved

Interface Monitoring

Ability to “look” into the QOS Classes


New Plug & Play workflow-Zero Touch Deployments

Plug and Play Dashboard

Easy to understand

Plug-n-Play lifecycle

Smoothly transition

between various

stages of the PnP

lifecycle

Easy to find Profile

statistics right on the

dashboard

Quick Access to PnP

Jobs from the

dashboard

How it Works: Cisco Prime Infrastructure PnP

Plug & Play

Enterprise-wide scale

Automated workflow

1. Pre-provision, 2. Discovery, 3. Secure Deployment

1. Discovery, 2. Un-claimed Devices, 3. Secure Deployment

PI is integrated with APIC-EM.

Devices are pre-provisioned with

device SR number

Configure device discovery

• DHCP Option-43 or DNS

• Installer powers on devices

• Devices download image and

configuration

• Installer powers on devices

• Devices securely connect

to APIC-EM server

• Device downloads image

and configuration

• All device information is passed

back to Prime Infra

Configure device discovery

• DHCP Option-43 or DNS

Prime Infra + APIC-EM

AdminEM

DHCPServer

DNSServer

OR

PnP-Agent PnP-Agent

PI

Device Authentication

Download Image and Configure

Installer

Prime Infra + APIC-EM

AdminEM

DHCPServer

DNSServer

OR

PnP-Agent PnP-Agent

EM

Device Authentication

Download Image and Configure

Installer

Prime Infrastructure Roadmap

Roadmap Disclaimer

Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. This roadmap is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

• Full Hyper-V hypervisor support (2012 + 2016)

• FIPS Compliance*

• New Custom Reporting Framework

• Customization of Alarms and Notifications

• DMVPN Monitoring

• Regulatory Policy Compliance (PCI – now in beta, STIG – beta coming soon)

• Hi Fidelity Wireless Maps

• Enhanced 3rd Party Device Support (incl. SDK)

PI 3.2 (ETA April 2017)


Cisco Prime Infrastructure Resources

Americas

Edition

APJC

Edition

EMEAR

Edition

Every Week* Prime Demo Series Topic Same Time Same Place

Every Monday Cisco Prime IP Express

11 a.m. Pacific

(San Jose time)

(90 mins)

bit.ly/PrimeDemo

No registration required

Every Tuesday Cisco Prime™ Collaboration

Every Wednesday Cisco® Prime NAM and NGA

Every Thursday Cisco Prime Infrastructure

Every Week* Prime Demo Series Topic Same Time Same Place

Every Thursday Cisco Prime Infrastructure

12 p.m.

Singapore time

(90 mins)

bit.ly/PrimeDemo_APJC

No registration required

Every Week* Prime Demo Series Topic Same Time Same Place

Every Tuesday Cisco Prime Collaboration 10:30 a.m. CET

(Paris, Berlin)

(90 mins)

bit.ly/PrimeDemo-EMEAR

No registration required

Every Thursday Cisco Prime Infrastructure

Cisco Prime Demo Series: Open to Customers, Partners and Cisco People

Evaluations | VoDs | Product Info | Etc. www.cisco.com/go/prime-demo

* Exceptions: No sessions on major public holidays for a given region or during the Cisco shutdown

Learning Resources: Fee-Based and Free Resources Are Available

Instructor-led training (fee) Three days of training available from learning partner

www.cisco.com/go/primeinfrastructure and select Get Training

Electronic-led training (free)

More than three hours of training available on Cisco.com

www.cisco.com/go/primeinfrastructure and select Get Training

Cisco Prime™ Demo Series (free)

Weekly 90-minute customer facing webinars

http://www.cisco.com/go/prime-demo


Prime Advanced Service Portfolio: Enterprise Networks

Prime Infrastructure --

Lifecycle

Prime Infrastructure --

Assurance

Prime LMS Deployment

2 Week Engagement 2 Week Engagement

• Develop application

monitoring design

• Examples: Netflow, NBAR,

NAM, Performance Agent

• Tuning of the alarms and

thresholds for applications

2 Week Engagement

• Knowledge transfer (shadowing of

deployment)

• Customized User Groups (Limited to 7)

• Basic segmentation (Site, Device Group

and Virtual Domains--Limited to 15 ea)

• Coordinate pre-discovery and device

requirements

• Discovery of the network infrastructure

(supported devices only)

• Troubleshooting discovery issues

• Tuning of the alarms and thresholds

• Knowledge transfer (shadowing of

deployment)

• Customized User Groups (Limited to 7)

• Basic segmentation (Site, Device Group

and Virtual Domains--Limited to 15 ea)

• Coordinate pre-discovery and device

requirements

• Discovery of the network infrastructure

(supported devices only)

• Troubleshooting discovery issues

• Tuning of the alarms and thresholds

3.0 Videos on Cisco Community

Video Title | Duration (mins) | Link
Prime Infrastructure 3.0 UI Introduction | 9:54 | https://communities.cisco.com/videos/13946
Configuration Compliance (Short) with Cisco Prime Infrastructure 3.0 | 7:28 | https://communities.cisco.com/videos/13941
Client Troubleshooting with Cisco Prime Infrastructure 3.0 | 12:02 | https://communities.cisco.com/videos/13940
PnP with APIC-EM using Cisco Prime Infrastructure 3.0 | 8:38 | https://communities.cisco.com/videos/13949
QoS Configuration & Monitoring with Cisco Prime Infrastructure 3.0 | 14:52 | https://communities.cisco.com/videos/13950
PfR Monitoring with Cisco Prime Infrastructure 3.0 | 5:56 | https://communities.cisco.com/videos/13943
Operations Center with Cisco Prime Infrastructure | 12:08 | https://communities.cisco.com/videos/13945
Nexus 9K Management with Cisco Prime Infrastructure | 8:06 | https://communities.cisco.com/videos/13947
Datacenter Monitoring with Cisco Prime Infrastructure | 24:06 | https://communities.cisco.com/videos/13948
Configuration Compliance (Detailed) with Cisco Prime Infrastructure 3.0 | 22:47 | https://communities.cisco.com/videos/13944
IWAN Management with Cisco Prime Infrastructure 3.0 | 45:02 | https://communities.cisco.com/videos/13942
Application Troubleshooting using Cisco Prime Infrastructure and Cisco Network Analysis Module (NAM) | 30:48 | https://communities.cisco.com/videos/13938

Resources on Cisco.com

Cisco Prime™

Cisco® Prime Infrastructure

Cisco Prime Partner Community

Free Trial and NFR Software Downloads

www.cisco.com/go/prime

www.cisco.com/go/primeinfrastructure

https://communities.cisco.com/community/partner/cisco-prime

www.cisco.com/go/nmsevals

Cisco Prime™ Demo Series

http://www.cisco.com/go/prime-demo

ESA (Enterprise Service Automation)

ESA (Enterprise Service Automation): ESA aids with orchestration, automation of processes, and service chaining of virtual and physical branches. ESA can design, provision, manage, and monitor the hardware, the hosting platforms and the software services required for successfully getting a new branch up and running.

Benefits:

- Service Design: Allows IT architects to create uniform network designs with flexibility to provide standardized configurations.

- Plug and Play: Provides automated zero-touch deployment and day-zero provisioning for the hardware platforms connecting to the network.

- Virtual Service Chaining: Automates service chaining to prevent manual service chaining errors and reduce time required for troubleshooting connectivity issues.

- Role-based Authorization and Control: Supports an RBAC model, providing the IT organization flexibility to define tasks for each role.